Multi-factor Authentication

Overview

What is multi-factor authentication?

MFA stands for Multi-Factor Authentication and refers to the ability to authenticate a user based on more than just a username and password.

Multi-factor authentication is a security feature that can help protect every users’ AdviceOS account by adding a second step to the login process in addition to the username and password. This second steps requires users to authenticate themselves by adding a temporary code that is shared with the user through one of three methods before being granted access to AdviceOS (authenticator app, SMS or email).

Two factor authentication (2FA) and MFA are effectively the same principle, both adding a second step to a login process. The only difference is that MFA allows a user to choose how the second step is performed (e.g. via SMS, email, app etc.) whilst 2FA always uses the same method for every user.

How to start using multi-factor authentication?

Multi-factor authentication is automatically set up for all users unless they have previously requested not to have this feature. If you do not have multi-factor authentication set up, please contact Midwinter support (1300 882 938 or info@Midwinter.com.au) or your account manager to have this enabled for your account.

FAQs

How does MFA help protect my client's data?

MFA provides a second line of defence for your AdviceOS account. With MFA enabled, even someone with your account password would not be able to login into your account as they would also require access to your phone or email account. This provides additional protections to all client data held in AdviceOS and improves the already robust security measures Midwinter takes to protect your client’s data.

How fast is MFA?

AdviceOS will take seconds to authenticate your login once the temporary code (which is provided to the user as a text/email/authenticator app code) is entered into the login page. The codes are provided to the user immediately upon entering the correct username and password.

What happens when I forget my password

The password reset process remains unchanged. You can either use the “forgot password” link in the login page or contact Midwinter Support on (1300 882 938) who will send you a reset password link.

I chose the wrong authentication method and now I can't change it?

Please contact Midwinter Support (1300 882 938 or info@midwinter.com.au) to request a reset your MFA method. Once this has been completed AdviceOS will prompt you to select a method when you next login.

Using MFA

Setup

MFA will be automatically set up for all users unless they have previously requested not to have this feature. If you wish to set up MFA, Midwinter must first enable this for the user’s account. A user can contact Midwinter support (1300 882 938 or info@Midwinter.com.au) or an account manager they can get MFA enabled.

Once enabled, the user will be prompted for a username and password when logging into AdviceOS:

Upon signing in the user will be prompted to setup select an MFA method from three choices:

Authenticator – allows a user to use a compatible authenticator app on a mobile phone to generate a token.
Email –access code to be sent to an email address.
SMS –access code to be messaged to a mobile number.

Choosing an Authentication method

Authenticator

The Google authenticator is an app that needs to be installed on the users’ phone. This app then creates a short-term token/password which can be used to login to AdviceOS.

This method is a high-tech solution which creates a password that is only available for 30 seconds making it very hard to lose or share. Instructions to set up further down.

Email

AdviceOS will confirm that the user has permission to login by sending a reference code to the registered email address for this user. Once the user receives an email with an access code this will need to be entered into AdviceOS and then the user will be able to login.

This method can be used without using a mobile phone or third-party app by opening the registered email inbox on the computer. Instructions to set up in section 3.3.2.

SMS

SMS, similar to email, will SMS/text the access code to the phone number that has been saved to the user account. This will need to be entered into AdviceOS before the user will be logged in.

This method requires a physical phone to be available to access AdviceOS. Instructions to set up in 3.3.3.

Authenticator Setup

To use the authenticator method, the user will need to download the Google authenticator (other authenticators will work but Midwinter recommends Google) to their mobile phone from the app store.

Once downloaded the user will need follow the prompts in the app until it asks for a “QR code”.

Once the Google Authenticator is installed and ready for the QR code. AdviceOS will provide the QR code once the ‘Set up Authenticator’ button in AdviceOS is clicked. This QR code can then be scanned from the computer screen with the Authenticator app.

The authenticator will then produce a temporary code every 30 seconds, enter the code on the app into AdviceOS to authenticate.

Email Setup

To use email authentication, select the “Set up Email” option.

AdviceOS will then send an email to the saved email address for this user’s login. This email will have a 6-digit code which needs to be entered into AdviceOS.

SMS Setup

To use email SMS, select the “Set up SMS” option.

Midwinter will send an SMS to the saved phone number in AdviceOS with an access code that needs to be entered into AdviceOS.

If there is no phone number saved midwinter support (1300 882 938 or info@midwinter.com.au) can correct this.

Logging in after setting up MFA

Once this has been set up, the next time a user logs in to AdviceOS, after typing in a username and password, AdviceOS will ask for the “access code”. This will either be the access code in the authenticator app, or the access code sent in an email or SMS depending on the method chosen.

For more information please contact support on 1300 882 938 or via email at info@midwinter.com.au